extension supply chain
-
ForceMemo offshoot of GlassWorm force pushes malware into hundreds of Python repositories
A supply chain campaign called ForceMemo stole GitHub tokens and force-pushed obfuscated code into hundreds of Python repositories starting March 8, 2026. Compromised packages and pip installs may deliver remote payloads.
-
GlassWorm campaign escalates with transitive Open VSX extensions
A Socket report flagged a GlassWorm escalation in Open VSX with 72 malicious extensions found since January 31, 2026. The campaign uses transitive extension installs and invisible Unicode obfuscation to deliver payloads.
-
Five malicious Rust crates exfiltrated .env files and AI bot exploited GitHub Actions
Researchers found five malicious Rust crates on crates.io that exfiltrated .env files. Packages were removed. Users should rotate secrets, audit CI workflows and restrict outbound access to reduce supply chain risk.
-
Two Chrome extensions weaponized after ownership transfers, affecting about 7,800 users
Two Chrome extensions were weaponized after ownership transfers, allowing remote JavaScript to bypass protections and harvest credentials. QuickLens affected about 7,000 users and ShotBird about 800 users. Users should remove unknown extensions and audit browsers.